Since the release of Elastic Security for SIEM in 2019, the solution has grown to include some of the industry’s most advanced analytics capabilities, including 100+ prebuilt ML-based anomaly detection jobs to detect previously unknown threats fast. Elastic introduced Elastic AI Assistant for Security last year to help SOC analysts with rule authoring, alert summarization, and workflow and integration recommendations. IDC recently highlighted how Elastic overcomes these limitationsin an IDC Market Perspective on their impressions of AI Assistant.
Co-pilots like AI Assistant are fast becoming table-stakes for many types of security products. As such, these early efforts still depend on the ability of the analyst to use them effectively. It is now time to integrate AI guidance and automation into the core investigative workflows of the SOC. Today, we are ushering in a new AI feature, Elastic Attack Discovery (patent pending), powered by the Elastic Search AI platform. Attack Discovery triages hundreds of alerts down to the few attacks that matter with a single button click and returns results in an intuitive interface, allowing security operations teams to quickly understand the presented attacks, take immediate follow-up actions, and more.
Prioritize attacks, not alerts
Elastic’s AI-driven security analytics is built on the Search AI platform, which includes RAG powered by the industry's foremost search technology. Large language models (LLMs) are only as accurate and current as the information they leverage: their underlying training data and the context provided with the prompt. As such, they require rich, up-to-date data to deliver accurate, tailored results — and efficiently gathering this confidential knowledge requires search. Search-based RAG delivers this context automatically and eliminates the need to build a bespoke LLM and constantly retrain it on ever-changing internal data.
“The attacks companies face are as constant as they are sophisticated, and with no lever to slow the deluge of signals, most security teams struggle to keep their heads above water,” said Santosh Krishan, general manager of Security at Elastic. “Nearly 20% of our security customers already use our AI Assistant to boost team efficiency. Similarly, Attack Discovery will power productivity and supplement practitioner knowledge to speed up threat detection, investigation, and response. It helps your people — and SOC — succeed.”
Lighten SOC workloads
Many SOCs have thousands of alerts to sift through daily. Much of this work is dull, time-intensive, and error-prone. Elastic removes the need for such manual effort. Attack Discovery triages out the false positives and maps the remaining strong signals to discrete attack chains, showing how related alerts are part of an attack chain. Attack Discovery uses LLMs to evaluate alerts, taking into consideration severity, risk scores, asset criticality, and more. By delivering this accurate and fast triage, analysts can spend less time sifting through alerts and more time investigating and addressing threats.
“You solved the workforce shortage problem with AI Attack Discovery. This investigation would have taken entire teams working on this,” said Ken Buckler, security analyst at EMA. “Attack Discovery blows Splunk out of the water!”
Elastic’s advantage
The Search AI platform harnesses data representing your entire attack surface, improving the accuracy of the insights and guidance delivered by the LLM. Elastic takes an LLM-agnostic approach and enables organizations to anonymize and redact confidential data by default.
Check out our AI-driven security analytics solution today.